Hi,
With a 3 tier farm, what type of setup is best to utilize for credential passing, the C2WTS or Kerberos? What type of web app auth would be best?
The reason I ask is because we are seeing issues where sometimes users are getting access denied when accessing SQL (during impersonation) as they are showing up as NT AUTHORITY\IUSR and we also see this error in ULS from our search service account and various
users.
"Could not retrieve a valid windows identity for username 'domain\user' with UPN 'user@domain.com'.
No windows identity for domain\user'
Some facts about the farm:
- Nothing fancy going on, no external services or external content types, just the usual services, user profile, mysite and search.
- Auth currently configured as Claims w/ NTLM
- Single web app that is exposed externally
- Apache reverse proxy to route external traffic and to be used as load balancer (could use Server2012 load balancer if needed)
I've read the guides on how to troubleshoot that error message but I'm more interested in the answer to which authentication and credential passing schema would be best in my scenario. It doesn't seem like Kerberos is necessary due to the simplicity of the farm but we will change if needed.
Thanks